How-To get an Amiga surfing the HTTPS waves in 2018

Hello fellow nerds, this is a short description of how to use hacker skills to get securely online with an old Amiga in these times of encrypted web, without dealing with AmiSSL, and how to use the more powerful CPU of a modern computer for the dirty work.

What you need

A Raspberry Pi 3 or some other computer with two Ethernet cards. In my case I've used the Pi connected to my WiFi, with its Ethernet port going to a switch, and on the switch I connected the Amigas with Ethernet cards. Since I am the paranoid type I segment my network in a quirky way, so WiFi (without VPN) would not work for other solutions I use with my Amigas, so I just bought a cheap ass USB-Ethernet card and hooked it up to the Pi. (The bandwidth is totally enough for Amigas - I promise.) On the Pi I run Raspbian GNU/Linux.

Set the Amiga-side Ethernet-card to a static IP and this IP will be the router you're gonna use.

In my case eth0 is the Amiga-side and eth1 is my LAN side (wlan0 if you use WiFi to connect to your network).

Depending on your Linux system and whether you use systemd or not, this is done either in the old-school /etc/network/interfaces file or in the /etc/dhcp/dhclient.conf on modern flavors.

You will also need the SSLStrip tool available here: https://moxie.org/software/sslstrip/

Once you have followed the instructions on how to use it, set it up to start at boot, for example in /etc/rc.local or something, listening on port 8080:

$ sslstrip -l 8080 &

Do not forget the & if you put it in rc.local, otherwise the machine will hang there and not continue booting. The & puts the process in the background, much like the Run command in AmigaDOS.

Setting up a Linux router

If you have never set-up a Linux based NAT:ing router I will show you here, real quick:

First of all you need to enable IPv4 forwarding on the system. This is done (so that it will work after reboot) by making sure your /etc/sysctl.conf contains the line:

net.ipv4.ip_forward=1

To enable it in your current boot just reload the settings from /etc/sysctl.conf with:

$ sysctl -p

Then it's time to do some NAT:ing so that the Amiga-side of the router has its own network. This can be a good thing for many reasons. Let Amigas talk to each other in the trusty 90's style of un-encrypted network traffic without letting it run around free in your home LAN, or WiFi:

$ iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
$ iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
$ iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Remember to change the eth0 and eth1 according to your set-up.

Make your Amiga part of the subnet on the Amiga-side of the Raspberry Pi router, and point it to your ordinary DNSes outside the router (or, if you set up a dnsmasq server, you can use the Pi as DNS server too). Let the Amigas use the Pi's IP as gateway/router too.

Make sure your Amigas can access the interwebz (at least ping or something you KNOW is HTTP only).

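To make these rules persistent to the next reboot, store the firewall for reuse. iptables-save on its own only prints the rules, so redirect them into a file that gets restored at boot (the path here assumes the iptables-persistent package is installed):

$ iptables-save > /etc/iptables/rules.v4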

Making a man-in-the-middle attack on yourself

This is a hacker technique to sniff traffic between machines - even encrypted traffic. But in this case I will use it for the greater good! Surfing the web with the Amigas that I love so.

Set up a firewall rule to intercept HTTP requests:

$ iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

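Make sure you can surf to a web address in your Amiga browser. Choose one that is usually HTTPS, for example http://www.aio.nu which automatically redirects to https, and if all plays well save the firewall rules as before to make them persistent for next boot (again redirected into the file that is restored at boot; /etc/iptables/rules.v4 assumes the iptables-persistent package):

$ iptables-save > /etc/iptables/rules.v4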
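
The router and redirect rules from the steps above, gathered into one script as an added example (not part of the original how-to). It prints them in iptables-restore format and, as an assumption beyond the page, limits the port 80 redirect to the Amiga-side interface with -i so that only the Amigas' traffic is sent to sslstrip; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original page: print the page's rules in
# iptables-restore format, with the port-80 redirect limited to the Amiga side.

# valid_if NAME: interface names only (letters, digits, _ . -, max 15 chars)
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# valid_port N: decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules AMIGA_IF LAN_IF PROXY_PORT (the page uses eth0, eth1 and 8080)
gen_rules() {
    amiga_if=$1 lan_if=$2 port=$3
    valid_if "$amiga_if" && valid_if "$lan_if" || return 1
    valid_port "$port" || return 1
    # The two sides must be different interfaces, or the NAT makes no sense.
    [ "$amiga_if" != "$lan_if" ] || return 1
    cat <<EOF
*filter
-A FORWARD -i $lan_if -o $amiga_if -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $amiga_if -o $lan_if -j ACCEPT
COMMIT
*nat
-A PREROUTING -i $amiga_if -p tcp --dport 80 -j REDIRECT --to-ports $port
-A POSTROUTING -o $lan_if -j MASQUERADE
COMMIT
EOF
}

# Stand-alone use: sh thisfile eth0 eth1 8080
if [ "$#" -eq 3 ]; then
    gen_rules "$@"
fi
```

Run the output through iptables-restore --test first to check that it parses. Loading it with iptables-restore replaces the current contents of the filter and nat tables.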

Enjoy surfing the web!

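You will never _write_ "https" in the address, and the Amiga never has to follow https links either: sslstrip magically changes them to plain "http". The Pi speaks HTTPS to the web server, while the hop between the Amiga and the Pi stays unencrypted HTTP.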

Another tip!

You can also use the Raspberry Pi to connect to other things, using for example stunnel to access mailboxes: just set the listen port on the Pi to accept connections from the Amigas and the other end to the SSL service you want to use on the web. I use it for IMAPS, SSMTP and IRC-SSL, for example, setting the Pi's IP as server in the clients I use.

Enjoy!

Kind regards,

Your nerd friend AiO

https://www.aio.nu